An aggregate of all of GoVanguard’s InfoSec & Cybersecurity related Posts, News, Threats and Data Feeds.

Only about half of enterprises are satisfied with their ability to detect cybersecurity threats, according to a survey from Forrester Consulting – with respondents painting a picture of major resource and technology gaps hamstringing their efforts to block cyberattacks. According to the just-released 2020 State of Security Operations survey of 314 enterprise security professionals, enterprise security teams around the world feel that they struggle with the growing pace, volume and sophistication of cyberattacks. A whopping 79 percent of enterprises covered in the survey have experienced a cyber-breach in the past year, and nearly 50 percent have been breached in the past six months. It turns out that businesses are under constant attack, with the average security operations team receiving more than 11,000 security alerts daily. Unfortunately, thanks to manual triage processes and disparate and legacy security tools permeating most environments, 28 percent of alerts are simply never addressed, the survey, released Thursday, found. Only 47 percent of organizations noted that they are able to address most or all of the security alerts they receive in a single day; and out of those that are addressed, almost a third are false positives. In fact, according to the report findings, only 13 percent of the surveyed organizations are using automation and machine learning to analyze and respond to threats. Nearly 20 percent of alerts are manually reviewed/triaged by an analyst. …

Source

As states deal with re-opening and, in some cases, re-closing, the reality is that for many organizations, remote work will play a significant role in business through 2020 and beyond. And so will increased cybercriminal activity, as demonstrated by a 131 percent increase in viruses and about 600 new phishing attacks a day when the pandemic started. Initially, we saw a number of phishing attacks directly related to COVID-19 (including ones purporting to be from the Centers for Disease Control and Prevention). Later, these attacks centered on stimulus packages and unemployment insurance, before evolving to subjects like vaccines and the stock market. Now, attackers are using a variety of relevant subjects – everything from “staycations” to boat rentals and food deliveries. And they aren’t just using email for these attempts – online ads and mobile apps are just a couple of the other tactics used. Even if organizations have created more flexible remote-work policies to better accommodate the needs of their employees in the short term, these businesses must ensure that their teleworker strategies can support and secure remote connectivity long-term.

Clarity from Crisis

Due to the pandemic, CISOs initially faced the incredible pressure of maintaining business continuity with almost 100 percent of the workforce shifting to working from home in just a couple of days. Many successful approaches that we have seen for this are based on a careful analysis of existing capabilities, so that…

Source

The operators of the Maze ransomware have added a fresh trick to their bag of badness: distributing ransomware payloads via virtual machines (VMs). It’s a “radical” approach, according to researchers, meant to help the ransomware get around endpoint defenses. That’s according to researchers with Sophos Managed Threat Response (MTR), who said that the threat actors were recently seen distributing the malware in the form of a VirtualBox virtual disk image (a VDI file). The VDI file itself was delivered inside of a Windows MSI file, which is a format used for installation, storage and removal of programs. In order to set up the VM on the target, “the attackers also bundled a stripped down, 11-year-old copy of the VirtualBox hypervisor inside the .MSI file, which runs the VM as a ‘headless’ device, with no user-facing interface,” researchers said, in a Thursday posting. The VM would run as a trusted application, which helps the ransomware conceal itself. Also, most endpoint solutions only have visibility into physical drives, not VMs – virtual environments usually require their own separate security monitoring solution. “Since the…ransomware application runs inside the virtual guest machine, its process and behaviors can run unhindered, because they’re out-of-reach for security software on the physical host machine,” Sophos explained in an earlier blog post. “The data on disks and drives accessible on the physical machine are attacked by the ‘legitimate’ VboxHeadless.exe…

Source

In Bluetooth, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges, with compromised firmware needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-110107252

Source

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and "supply chain" attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. Charging documents say the seven men are part of a hacking group known variously as "APT41," "Barium," "Winnti," "Wicked Panda," and "Wicked Spider." Once inside of a target organization, the hackers stole source code, software code signing certificates, customer account data and other information they could use or resell. APT41's activities span from the mid-2000s to the present day. Earlier this year, for example, the group was tied to a particularly aggressive malware campaign that exploited recent vulnerabilities in widely-used networking products, including flaws in Cisco and D-Link routers, as well as Citrix and Pulse VPN appliances. Security firm FireEye dubbed that hacking blitz "one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years." The government alleges the group monetized its illicit access by deploying ransomware and "cryptojacking" tools (using compromised systems to mine cryptocurrencies like Bitcoin). In addition, the gang targeted video game companies and their customers in a bid to steal…

Source

The Mozi botnet, a peer-to-peer (P2P) malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of observed traffic flowing to and from all internet of things (IoT) devices, according to researchers. IBM X-Force noticed Mozi’s spike within its telemetry, amid a huge increase in overall IoT botnet activity. Combined IoT attack instances from October through June are 400 percent higher than the combined IoT attack instances for the previous two years. “Attackers have been leveraging these devices for some time now, most notably via the Mirai botnet,” according to IBM. “Mozi continues to be successful largely through the use of command-injection (CMDi) attacks, which often result from the misconfiguration of IoT devices. The continued growth of IoT usage and poor configuration protocols are the likely culprits behind this jump. This increase may have been fueled further by corporate networks being accessed remotely more often due to COVID-19.” Mozi first sauntered onto the scene in late 2019 targeting routers and DVRs, and has been analyzed a couple of times by various research teams. It’s essentially a Mirai variant, but also contains snippets from Gafgyt and IoT Reaper – it’s used for DDoS attacks, data exfiltration, spam campaigns and command- or payload-execution. IBM observed Mozi using CMDi for initial access to a vulnerable device via a “wget” shell command, then altering permissions to allow the threat…

Source

Apple has updated its iOS and iPadOS operating systems, addressing a wide range of flaws in its iPhone, iPad and iPod devices. The most severe of these could allow an adversary to exploit a privilege-escalation vulnerability against any of the devices and ultimately gain arbitrary code-execution. The bugs were made public Wednesday as part of the release of Apple’s iOS 14 and iPadOS 14 security changelogs. In total, Apple addressed 11 bugs in products and components, including AppleAVD, Apple Keyboard, WebKit and Siri. A list of CVEs can be found below. Apple does not rate its security bugs, but a cursory review of the CVE descriptions indicates a wide range of concerning vulnerabilities that were patched. The Siri bug, for instance, allows a person with physical access to an iPhone to view notification contents from the lockscreen. Another bug was tied to maliciously crafted 3D Pixar files, called Universal Scene Description (USD), which could allow an adversary to execute arbitrary code on specific-model iOS devices.

High-Severity Privilege-Escalation Bug: CVE-2020-9992

According to researchers at IBM’s X-Force, one of the most significant bugs patched by Apple is a privilege-escalation vulnerability impacting Apple iOS and iPadOS (up to 13.7). Tracked as CVE-2020-9992, the vulnerability could be exploited if a target were tricked into opening a specially crafted file. “An attacker could exploit this vulnerability to execute arbitrary code on a paired device during a debug…

Source

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.

Source

In brief

Please join us for a new weekly video series, hosted by Baker McKenzie’s North America Government Enforcement partners Tom Firestone and Jerome Tomas.

This weekly briefing is available on demand and will cover hot topics and current enforcement actions related to white collar crime and criminal investigations in the US and abroad to arm you with the information you need to start your business week.

As one of the largest global law firms, we will call upon our exceptionally deep and broad bench of white collar experts throughout the world and particularly in the commercial hubs of Europe, Asia, Africa and Latin America to join our weekly discussion series.

These briefings will cover:

  • High-profile DOJ case updates and implications
  • SEC enforcement developments
  • CFTC enforcement developments
  • Other white collar defense industry developments

Contents (briefings by date):

  • 8 September 2020
  • 24 August 2020
  • 17 August 2020
  • 10 August 2020
  • 3 August 2020
  • 27 July 2020
  • 20 July 2020
  • 13 July 2020
  • 6 July 2020
  • 29 June 2020
  • 22 June 2020
  • 17 June 2020
  • 9 June 2020
  • 26 May 2020

The post United States: This Week in Government Enforcement appeared first on Global Compliance News.

Source

Google is taking the step of prohibiting “stalkerware” in Google Play, along with apps that could be used in political-influence campaigns. Effective October 1, apps that would allow someone to surreptitiously track the location or online activity of another person will be removed from the internet giant’s official online store. According to Google, stalkerware is defined as “code that transmits personal information off the device without adequate notice or consent and doesn’t display a persistent notification that this is happening.” This includes apps that can be used to monitor texts, phone calls or browsing history, or GPS trackers specifically marketed to spy on or track someone without their consent. Abusers can use such apps for harassment, surveillance and stalking, and they can even lead to domestic violence, critics say. Google also specified that any consent-based tracking-related apps distributed on the Play Store (telemetry apps used by enterprises to keep tabs on employee activity) must comply with certain parameters. For instance, they can’t market themselves as spying or secret-surveillance solutions (such as apps that go with surveillance cameras, stealth audio recorders, dash cams, nanny cams and the like). Apps also can’t hide or cloak tracking behavior or attempt to mislead users about such functionality, and they have to present users with a “persistent notification and unique icon that clearly identifies the app,” according to a Wednesday…

Source